General

  • Target

    Requirement of Sonic Tube 50 mm.zip

  • Size

    233KB

  • Sample

    210226-v815h5d4kj

  • MD5

    42657d8af3286f2f09d7ba28bd45190e

  • SHA1

    eeffed660c4db3b31eda8f34ccb1d7fae892723f

  • SHA256

    6656741ace870d4bdc2258255f94b7d34e2d596af1b3e08755331b3e60771a8e

  • SHA512

    6a55de3fc2bf60170c99f7ddb7b81e506bd9dc782f2a3620a725e7cea2c1019f5e92e127c3f3944961309026e9b158c308404f9d3fbe9c5ae94c473c4aaf2224

Malware Config

Extracted

Family

formbook

C2

http://www.fun4gang.xyz/thg/

Decoy

retrospectphotographydesign.com

jafodraws.com

cigiwie.space

upgradecarehealth.com

12ts.xyz

111indianbend.com

qqchbakery.com

0831xx.com

supecret.com

ayfadopple.com

coldwateradvisors.com

forexgiftcard.com

actionconsultingchile.com

mpsconcrete.net

carmallc.com

b167888.com

simonking.xyz

elitedigitalperformance.com

essentialjanitorialservices.com

barcosocasionberga.com
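The extracted configuration above lists one C2 URL and twenty decoy domains. In Formbook samples the decoys are legitimate, unrelated sites that the malware contacts alongside the real C2 so that the beacon blends in, so the two lists deserve different treatment: the C2 host and URI path are a high-confidence indicator, while a lone decoy lookup is not. The following is an added example, not part of the sandbox report or of the analysed sample, that turns the extracted config into a small triage check run over constructed proxy log lines (the log format and the IP addresses are assumptions for the illustration):

```python
from urllib.parse import urlparse

# Configuration as extracted in the report above.
C2_URL = "http://www.fun4gang.xyz/thg/"
DECOY_DOMAINS = {
    "retrospectphotographydesign.com", "jafodraws.com", "cigiwie.space",
    "upgradecarehealth.com", "12ts.xyz", "111indianbend.com", "qqchbakery.com",
    "0831xx.com", "supecret.com", "ayfadopple.com", "coldwateradvisors.com",
    "forexgiftcard.com", "actionconsultingchile.com", "mpsconcrete.net",
    "carmallc.com", "b167888.com", "simonking.xyz", "elitedigitalperformance.com",
    "essentialjanitorialservices.com", "barcosocasionberga.com",
}


def normalise_host(host):
    """Lower-case, strip a trailing dot and a leading 'www.' so that
    'www.fun4gang.xyz' and 'fun4gang.xyz' compare equal."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


C2_HOST = normalise_host(urlparse(C2_URL).hostname)
C2_PATH = urlparse(C2_URL).path  # "/thg/"


def classify(host, path):
    """Return a severity for one request, or None if it is not an IOC hit.

    high   - the real C2 host with the configured URI path
    medium - the C2 host on another path, or a decoy domain contacted
             with the C2's URI path (the same beacon pattern aimed at a decoy)
    low    - a decoy domain on its own; legitimate site, correlate but do not block
    """
    h = normalise_host(host)
    on_c2_path = path.startswith(C2_PATH)
    if h == C2_HOST:
        return "high" if on_c2_path else "medium"
    if h in DECOY_DOMAINS:
        return "medium" if on_c2_path else "low"
    return None


# Constructed sample proxy log (assumed format: "src method host path");
# these lines are made up for the example and are not from the sandbox run.
SAMPLE_LOG = """\
10.0.0.5 GET www.fun4gang.xyz /thg/?id=abc
10.0.0.5 POST www.fun4gang.xyz /thg/
10.0.0.5 GET www.jafodraws.com /thg/
10.0.0.7 GET www.example.org /index.html
"""


def scan(log_text):
    """Scan log lines and return (src, severity, host, path) for each IOC hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line; skip rather than guess
        src, _method, host, path = parts
        severity = classify(host, path)
        if severity:
            hits.append((src, severity, host, path))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Only the C2 host and path belong on a blocklist; the decoy names are useful for correlation (a single source hitting the C2 path on several of them is the Formbook beacon pattern), but blocking them outright would cut off legitimate sites.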

Targets

    • Target

      Requirement of Sonic Tube 50 mm.exe

    • Size

      299KB

    • MD5

      5e51248701b8a456d39854abfe287c86

    • SHA1

      e4c46f8e5d7eceeaab88591c75fb55c8c52b963c

    • SHA256

      c1a40dbca9d28ac760447f501d812b82312be281ee699fdcc4a6a543077caa3d

    • SHA512

      f122ce0ee0daa496fc5714f8e7f0cdffa590877e16a3aba4980afbf9007942264b0ca71de16af81a188e089ffcb39f1ffaf75d0b635ac1b662ff424661f297ee

    • Formbook

      Formbook is an information-stealing malware family that harvests credentials and submitted form data from browsers and other applications on the infected host and sends them to its C2 server.

    • Formbook Payload

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks